Wireless communications devices, such as wireless smartphones, are used worldwide by millions of people. For example, smartphones may employee features of both a computer and a mobile phone. Wireless communications devices allow users to execute many different types of applications on the same platform. In addition, wireless devices store user information, such as contact lists, and generate task lists, schedule appointments and set reminders. Text and email communication has become ubiquitous. Further, users access information, such as news, sports, entertainment, stock data, weather reports, movie times and locations and a wide array of other information. Wireless communications devices also provide GPS applications for navigation, identifying locations of friends, identifying the location of businesses, etc. Still further, business critical applications have been developed to allow employees to perform their jobs better and more efficiently. For example, much of the work usually performed using a notebook or desktop computer may now be performed anywhere using a wireless communications device. Accessories have also been developed, such as credit card readers and QR codes, have revolutionized the way goods and services are bought and sold. Wireless communications devices are also enabling businesses to target customers using through text message advertising, smartphone applications, social networks. Thus, wireless communications devices have turned into powerful tools that allow easy access to a host of critical corporate information.
With the transmission and reception of such a plethora of data, the security of such data has come into question. Previous attempts to address these security issues by the government, as well as industry, have focused on securing the smart device itself, modifying the OS, modifying the handset, using special applications, only enabling limited user features, and providing only limited capabilities, which have all been plagued by Certification and Accreditation (C&A) delays and excessive maintenance costs. Each attempt has failed to do so in an economic and/or efficient manner. For example, methods that use primary and secondary wireless devices have been proposed to secure transmission of signals in wireless communications devices. However, such a multi-tiered approach increases complexity and cost associated with such information. Additional efforts have been proposed to secure electronic health records, which may be shared using wireless communications devices. In this area, much of the focus has been on encryption and authentication, which is easily overcome by inside workers.
Accordingly, documents are traveling farther and wider than ever before due to expanding corporate ecosystems and increasingly virtualized business networks encompassing more partners, joint ventures, and collaborative projects. While transactions, such as merger and acquisition and technology licensing, have long wrestled with the problem of securing documents traveling outside the company, now a host of business and collaborative processes face the same problems. Nevertheless, many of today's endpoints are neither known nor protected. Even as wireless communications devices are being used to access personal applications on the web, they are also accessing corporate resources such as e-mail and business databases—all from the very same unmanaged devices, which have not been vetted by the security organization.
Some of the key commercial issues to address in securing smart devices is frequency of device hardware, software and firmware releases, short time to live in the market place (e.g., may be 8 months or less), user downloadable applications containing malware, lack of security features provided by the developer, lack of user awareness of security threats, vulnerabilities and secure processing practices sometime referred to secure hygiene or security hygiene.
The security problems discussed above are not limited to the enterprise, of course. While the securing of smart devices including smart phones, smart tablets, iPods, iPads, and personal data devices is a challenging task for numerous reasons in the commercial market, the use of smart devices is the tactical environment is even more challenging. Secure smart devices in the tactical environment can add the following security concerns; supply chain, user down load of unapproved applications, processing of classified data on unsecure devices, data storage, user identification, authorization and access.
To raise the information assurance level of products and services more broadly, the protection of national security systems demands are teamed with public and private institutions, which the whole spectrum of information technology (IT) users. The National Security Agency (NSA) applies its information assurance (IA) resources to evaluate wireless communications device products to test and formal analyze, among other things, cryptographic security, functional security, tamper resistance, emissions security and security of the product manufacturing and distribution process. Previous attempts to secure wireless communications devices for classified processing by governments have included government development of a secure smart phone, software only solutions, trusted operating system with separation kernels, special applications, and rented privately owned government leased code division multiple access (CDMA) network access. However, each wireless communications device differs and therefore would require separate certification. Due to the time required for NSA approved secure communications certificaton, newly-released smart wireless communications devices would likely be obsolete before it could be analyzed for NSA-approval for secure communications.